An SQL injection attack consists of insertion or “injection” of a malicious data via the SQL query input from the client to the application. In our example project we have a small Spring Boot based blog application. This application exposes an endpoint to fetch blog articles based on the author:

Modern applications development is a mix of custom code and many pieces of open source. The developer is normally very knowledgeable about their custom code but less familiar with the potential risk of the libraries/components they use. A study from Black Duck which covers more than 200 applications shows that 95% of the projects use open source libraries (see open source security analysis). Important side note is we only use a fraction of all the libraries imported into a project.